Author: Admin

Categories
AI Today in 5

AI Today in 5: February 11, 2026, The Hits and Misses Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. Hits and misses in compliance using AI. (CW)
  2. Turning AI into a competitive advantage. (IBS Intelligence)
  3. Preparing for AI-powered investigations. (CCI)
  4. How AI intensifies work. (HBR)
  5. Deploying AI against financial crime. (PYMNTS)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Blog

AI, Compliance, and the Missing “Why”: Highlights from the Compliance Week AI Conference

If there was one clear message coming out of Compliance Week’s January 2026 AI conference, The Leading Edge: Applying AI and Data Analytics in E&C, it was not about tools, vendors, or futuristic promises. It was about discipline. More specifically, it was about something compliance professionals have preached for decades and are now being pressured to skip: the “why.”

In a recent episode of the podcast From the Editor’s Desk, I sat down with Compliance Week Editor in Chief Aaron Nicodemus to gather his reflections on the conference and its implications for compliance leaders. What emerged was not a story about artificial intelligence replacing compliance, but about AI exposing weaknesses in how organizations make decisions, manage pressure from the top, and integrate ethics into innovation. For compliance professionals, the discussion was a reminder that AI is not a technology problem. It is a governance problem.

The Step Everyone Is Skipping: Why Before What

One of the most striking takeaways from the conference came from Jen Gennai, former AI Ethics and Compliance Advisor at Google. Her message was deceptively simple: companies are skipping the “why.” Organizations are rushing to implement AI tools without first articulating what problem they are trying to solve or why AI is the appropriate solution. Instead of defining the use case and then selecting the right tool, teams are buying technology first and hoping value emerges later.

For compliance professionals, this should sound uncomfortably familiar. Risk management, third-party due diligence, investigations; every mature compliance process begins with a defined purpose. There is a reason the first step in the third-party risk management process is the Business Rationale. This is the ‘why’, requiring a business sponsor to explain why your organization needs a new or different business partner. Yet when AI enters the picture, that discipline often evaporates. The result is experimentation without accountability and pilots without strategy.

The irony is that compliance already knows how to do this. The failure is not a lack of knowledge; it is pressure.

Tone at the Top, Revisited: Pressure Without Direction

According to a recent Compliance Week and konaAI study released at the conference, more than 60 percent of compliance officers feel pressure from the board or C-suite to “use AI.” Not to use it in a specific way. Not to achieve a defined outcome. To use it. This top-down mandate creates a new kind of compliance risk. When leadership demands adoption without guidance, teams feel compelled to move quickly, sometimes cutting corners they would never cut in other risk domains.

This is not inherently nefarious. Boards are doing what they believe is necessary to keep their organizations competitive. But pressure without clarity creates the conditions for poor governance. Compliance leaders must recognize this moment not as a threat, but as an opening. Because when leadership says “use AI,” compliance has an opportunity to respond with structure: identify manual pain points, define defensible use cases, and align AI deployment with existing policies and ethical standards. The mandate may be broad, but the implementation can and should be deliberate.

Humans in the Loop: Why Oversight Is Not Optional

Another recurring theme from the conference was the danger of letting AI evaluate AI. Scaling tools without human oversight compounds error. One flawed assumption becomes many. Bias multiplies. Outputs drift. The lesson here is not anti-technology; it is pro-governance. AI works best when humans remain embedded throughout the lifecycle: selecting tools, defining scope, reviewing outputs, and deciding whether the system is working at all.

This aligns squarely with long-standing compliance principles. Judgment-heavy decisions, investigations, escalations, and remediations must remain human. Attempting to automate them introduces fairness and defensibility risks that no compliance program can explain away after the fact. AI should accelerate compliance work, not absolve responsibility for it.

Trust and Integrity: The Core Compliance Tension with AI

The most profound tension discussed at the conference was philosophical. Compliance programs are built on trust and integrity. AI, by contrast, is often perceived as opaque, untrustworthy, and occasionally wrong. This creates a credibility problem.

Why would a compliance function that spends years telling employees to act ethically, verify sources, and question assumptions deploy a tool that fabricates answers or cannot explain its reasoning? If compliance cannot articulate why an AI system aligns with the organization’s ethical standards, it should not be deployed, no matter how efficient it appears to be. Trust is not just about outputs. It extends to inputs, data quality, and understanding how systems interact with information. AI amplifies what it is given. Bad data does not improve through automation; it spreads faster.

Iteration Over Perfection: Learning Is Part of the Process

A healthy counterpoint emerged as well: AI is not a one-shot deployment. It requires iteration. Early failures are not proof that AI does not work; they are evidence that learning has begun. Several speakers emphasized that AI improves through feedback. Teams must be willing to correct it, teach it, and refine its outputs over time. Compliance professionals who abandon tools after one or two imperfect attempts misunderstand how the technology functions.

That said, iteration does not excuse carelessness. Learning must occur within guardrails: governance frameworks, usage boundaries, and documentation matter more, not less, when tools evolve.

Compliance as Value Creator, Not Speed Bump

One of the most encouraging insights from the conference was how AI is reshaping compliance’s role inside organizations. When compliance is involved early, before tools are rolled out, it becomes a partner in innovation rather than an obstacle.

Nicodemus pointed out companies like Robinhood, and Hemma Lomax, Deputy General Counsel, Vice President, and Head of Business Integrity at DocuSign, illustrated this point clearly. Compliance teams that embed themselves in product development and operational change help shape tools that work within ethical and regulatory boundaries from the start. That credibility compounds.

Lomax noted that at DocuSign, she and her compliance teams have gone further, creating AI agents that perform defined tasks continuously, with built-in ethical guardrails. When these tools are handed to new users, the hard questions have already been answered. This is how compliance becomes a competitive advantage; not by saying no, but by helping the business say yes safely.

No Experts, Only Practitioners

Another refreshing theme from the conference was humility. No one claimed to be an AI expert. Especially not in compliance. That matters. When technologies move quickly, false certainty is dangerous. Compliance professionals should not be intimidated by those who claim mastery. Instead, they should lean into their strengths: skepticism, documentation, and principled decision-making. AI does not require omniscience. It requires informed judgment.

The Vibe Shift: From Fear to Engagement

Perhaps the most telling insight came not from the stage, but from the hallways. Compared to earlier events, the mood around AI has shifted. Compliance professionals are no longer crossing their arms in resistance. They recognize the benefits and risks and want to engage. No one believes AI will disappear. The debate is no longer whether to use it, but how. Some organizations will lean in aggressively. Others will move cautiously. All will need compliance to guide those choices. The most effective analogy offered was this: AI is like a very confident intern. Smart. Fast. Occasionally wrong. Useful, but never in charge.

Conclusion: AI Is a Compliance Opportunity, If Compliance Leads

The Compliance Week AI conference made one thing clear: AI is not undermining compliance. It is testing it. Programs that lack clarity, governance, or confidence will struggle. Programs that know who they are, what they stand for, and how they make decisions will thrive. For compliance professionals, the question is not whether AI belongs at the table. It already sits there. The real question is whether compliance will claim its seat, not as a roadblock, but as the function that ensures innovation aligns with integrity. That is not a burden. It is an opportunity.

Categories
Great Women in Compliance

Great Women in Compliance: Why Decision Rubrics Matter in the Age of AI with Hemma Lomax and Shalini Rajoo

In this conversation, GWIC host Dr. Hemma R. Lomax and Shalini Rajoo explore the critical role of decision rubrics in governance, accountability, and trust, especially in the context of AI. Shalini shares her journey from law to compliance, emphasizing the importance of understanding systems and the impact of leadership on decision-making processes. They discuss how transparency and clarity in decision-making can build trust within organizations and the necessity of responsible AI governance. Practical tips for improving decision quality are also provided, highlighting the importance of self-awareness and critical thinking in leadership.

Takeaways:

  • The biggest risk in governance is unclear decisions.
  • AI amplifies existing clarity or confusion in decision-making.
  • Systems and rules reflect the identities of their architects.
  • Everyone has an impact on those around them every day.
  • Leadership is about improving the people around you.
  • It’s not just about rules; it’s about how people behave.
  • Decision rubrics provide consistency and predictability in outcomes.
  • Transparency in decision-making processes builds trust.
  • Slowing down to ask questions can lead to better decision-making.
  • Writing down the reasons for decisions brings clarity and accountability.

Sound bites:

“Systems and rules are not inherently neutral.”

“Transparency in decision making builds trust.”

“Slow is smooth, and smooth is fast.”

Chapters:

00:00 Introduction to Decision Rubrics and Governance

02:55 Shalini’s Journey: From Law to Governance

06:09 The Impact of Systems on Leadership and Accountability

09:09 Transitioning to Compliance and Ethics

11:49 Understanding Decision Rubrics in Compliance

15:06 The Role of Leadership in Decision Making

18:03 Designing Conditions for Effective Decision Making

20:47 The Importance of Transparency in Decision Processes

24:09 Decision Rubrics: Building Trust in Organizations

26:49 AI and Governance: Leadership Infrastructure Failures

29:47 Responsible AI: The Role of Ethics and Compliance

32:55 Practical Tips for Improving Decision Quality

36:00 Conclusion: The Future of Decision Making in AI

Guest Biography:

Shalini Rajoo is the Founder and Principal Consultant of Shalini Rajoo Advisory, LLC, where she partners with organizations to design governance, compliance, and decision-making systems that are resilient, trustworthy, and aligned to real operational pressures. Across more than two decades in law, compliance, HR, and organizational leadership, Shalini has helped companies and leaders move beyond check-the-box frameworks to build structures that embed accountability, clarity, and performance into everyday decisions.

She began her career in South Africa, first as a public prosecutor and then leading regulatory work with the Department of Trade and Industry, collaborating with legislative and executive stakeholders on corporate, competition, and consumer law. After relocating to the U.S., Shalini practiced commercial litigation. She later served as Director of Global Business Conduct for a Fortune 500 company, where she redesigned ethics and compliance systems, led global risk assessments, and championed psychological safety and integrity-based practices.

Today, Shalini’s work centers on helping leaders clarify decision rights, governance architectures, and accountability pathways — especially as organizations adopt AI and automation. She recently spoke at the Opal Group’s Corporate Governance & Ethics in the Age of AI conference, where she reframed AI governance as a leadership-infrastructure challenge rather than a purely technical or compliance one.

Categories
AI Today in 5

AI Today in 5: February 10, 2026, The AI Redefining GRC Edition

Welcome to AI Today in 5, the newest addition to the Compliance Podcast Network. Each day, Tom Fox will bring you 5 stories about AI to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the AI Today In 5. All, from the Compliance Podcast Network. Each day, we consider five stories from the business world, compliance, ethics, risk management, leadership, or general interest about AI.

Top AI stories include:

  1. How AI is redefining GRC. (GulfNews)
  2. AI-assisted workforce leave compliance program. (USAToday)
  3. How to integrate AI into your compliance workflows. (AOL)
  4. How AI can speed compliance research. (FedScoop)
  5. Data sovereignty for AI compliance. (TechTarget)

For more information on the use of AI in Compliance programs, my new book, Upping Your Game, is available. You can purchase a copy of the book on Amazon.com.

Categories
Daily Compliance News

Daily Compliance News: February 10, 2026, The Athletes, Injuries and Ethics Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Prediction markets v. casinos at war over gambling. (NYT)
  • Banks want ‘pound of flesh’ in RTO. (FT)
  • Who gets to decide when athletes should not compete? (Reuters)
  • Google staff call for the company to cut ties with ICE. (BBC)
Categories
Innovation in Compliance

Innovation in Compliance – Proactive Compliance Frameworks for Evolving AI Regulations with Yakir Golan

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox welcomes Yakir Golan, CEO & Co-founder at Kovrr, who shares his professional journey from the Israeli intelligence community to his current role at Kovrr.

With a rich background in Israel’s intelligence community and significant experience with cybersecurity vendors, Golan champions integrating frameworks with analytics to effectively assess and navigate risks, emphasizing governance as a vital component for sustained innovation. He advocates proactive measures to address AI-enabled insider threats, urging businesses not to wait for perfect regulatory clarity amid the fast-paced evolution of AI technologies. Golan’s holistic approach to compliance transcends mere regulatory adherence, focusing on business-driven proficiency in cybersecurity and AI to meet the dynamic demands of the business landscape.

 

Key highlights:

  • Financial Models for AI Risk Governance
  • Enhancing AI Governance with Adaptive Frameworks
  • Empowering Innovation Through Strategic Governance and Compliance
  • Unified Approach: AI-Cybersecurity in Enterprise Risk Management

Resources:

Yakir Golan on LinkedIn

Kovrr 

Innovation in Compliance was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Categories
Blog

From Enforcement-Driven to Purpose-Driven Compliance

For more than two decades, corporate compliance programs have been built around one central organizing principle: enforcement. Where regulators go, compliance resources follow. When the Department of Justice prioritizes anticorruption, companies invest in FCPA controls. When regulators turn to privacy, cybersecurity, or AML, compliance budgets pivot accordingly. This enforcement-driven approach has shaped the modern compliance profession.

Yet, as Veronica Root Martinez persuasively argues in her recent working paper, Purpose-Driven Compliance, this dominant model may be fundamentally flawed, certainly in the era of Trump.  Despite unprecedented investments in compliance infrastructure, corporate misconduct persists. Repeat offenders remain common. Penalties grew larger, but behavior did not meaningfully improve. For compliance professionals, this raises an uncomfortable question: are we optimizing for the wrong objective?

Martinez’s answer is both challenging and clarifying. Compliance programs should not be primarily designed to satisfy enforcement authorities or to maximize mitigation credit after failure. Instead, they should be anchored in the organization’s own purpose, business risks, and ethical standards. In short, it is time to move from enforcement-driven compliance to purpose-driven compliance.

The Limits of Enforcement-Driven Compliance

The enforcement-driven model rests on two assumptions. First, that enforcement priorities reflect a company’s most significant risks. Second, that imperfect compliance is inevitable and acceptable so long as the organization can demonstrate good-faith efforts. Martinez brings both under scrutiny.

Regulatory priorities often lag behind real business risks. Enforcement agencies focus on certain categories of misconduct because they are visible, politically salient, or historically entrenched. But the risks that most threaten an organization’s mission may lie elsewhere. Martinez highlights how firms can become over-invested in compliance areas that attract enforcement attention while under-investing in mission-critical risks to their operations.

The second assumption, that some level of misconduct is acceptable, is even more troubling. Behavioral ethics research suggests that tolerating small violations creates conditions for larger ones. When leaders frame misconduct as statistically insignificant or “within expectations,” they risk normalizing behavior that undermines culture, trust, and ultimately performance. Wells Fargo’s infamous “1% problem” illustrates this danger. Senior leadership took comfort in the idea that only a small fraction of employees were engaging in misconduct, failing to appreciate that those numbers reflected only the misconduct that had been detected.

An enforcement-driven mindset encourages this type of thinking. If the organization is sanctioned, then low detection rates look like success. But if the question is whether the organization is living up to its own purpose and values, the same data tell a very different story. This is not the broken windows theory of enforcement, but something else.

The Cost of Treating Compliance as a Cost of Doing Business

Another weakness of enforcement-driven compliance is that it can turn sanctions into a predictable line item. As firms grow larger and penalties are discounted through cooperation credit, fines risk being internalized as a cost of doing business. Empirical work cited by Martinez suggests that large, repeat offenders often pay penalties that are small relative to their assets and revenues. In that environment, enforcement loses much of its deterrent effect.

For compliance professionals, this dynamic creates a structural tension. Programs may be technically “effective” under DOJ guidance while still failing to prevent misconduct that harms customers, employees, and communities. The distinction between standards of review and standards of conduct becomes critical. Meeting the government’s expectations for leniency is not the same as meeting the organization’s ethical obligations to itself and its stakeholders.

What Is Purpose-Driven Compliance?

Purpose-driven compliance begins with a simple but powerful shift in perspective. Instead of asking, “What does the regulator expect?” the organization asks, “What risks threaten our ability to achieve our purpose and what standards of conduct are required to address them?” Martinez defines purpose-driven compliance as programs directed by three elements: the firm’s purpose, the inherent risks associated with pursuing that purpose, and the ethical standards the organization sets for itself. This approach does not reject enforcement frameworks; rather, it treats them as a floor, not a ceiling.

In practical terms, purpose-driven compliance requires leadership to articulate why the organization exists and how misconduct undermines that mission. For a bank, this may mean focusing on customer trust and market integrity. For a pharmaceutical company, it may mean prioritizing patient safety and scientific integrity. For a university, it may mean safeguarding academic freedom and institutional trust. For a summer camp, it means protecting the campers from flash floods and other storms.

Once the purpose is clearly defined, compliance risk assessments become more meaningful. Risks are evaluated not only by enforcement exposure but by their potential to compromise the organization’s core objectives. This reframing helps compliance leaders resist the temptation to chase regulatory trends at the expense of mission-critical risks.

Moving Beyond Mitigation to Aspirational Standards

A key insight in Martinez’s work is that firms often confuse mitigation with excellence. Compliance programs are designed to minimize penalties rather than to maximize ethical performance. Purpose-driven compliance challenges that mindset by encouraging organizations to adopt high, ethical, and aspirational standards of conduct.

This does not mean pursuing perfection through draconian controls or internal criminalization. Martinez rightly warns against overdeterrence and strict liability regimes that incentivize concealment rather than transparency. Instead, purpose-driven compliance emphasizes ethical framing, employee voice, and organizational learning. Compliance should never be Dr. No, sitting in the Department of Business Non-Development.

The examples of Wells Fargo and Novartis are instructive. Both organizations suffered repeated compliance failures under enforcement-driven regimes. Their subsequent reforms went beyond addressing the specific violations that triggered enforcement. They re-examined culture, leadership incentives, and ethical expectations. In Novartis’s case, tying bonuses to ethical performance and co-creating a new code of ethics signaled a shift from box-checking to values anchored in purpose.

Why Purpose-Driven Compliance Matters for the Modern CCO

For today’s chief compliance officer, Martinez believes purpose-driven compliance offers three critical benefits.

First, it creates durability. Enforcement priorities shift with administrations. Indeed, this Administration has signaled a cutback in white-collar enforcement by offering essentially get-out-of-jail-free cards to companies that self-disclose early. This underscores the importance of compliance programs. A compliance program anchored solely in regulatory expectations will always be reactive. Purpose-driven programs are more stable because they are tied to the organization’s identity rather than external politics.

Second, it improves the quality of compliance metrics. Measuring effectiveness against internal standards allows organizations to ask harder questions about culture, decision-making, and root causes. Not every initiative will succeed, but a willingness to acknowledge failure is itself a sign of program maturity.

Third, it enhances credibility with boards and senior leadership. When compliance is framed as a strategic partner in achieving the organization’s mission, rather than as a defensive function, it earns a more meaningful seat at the table.

Conclusion

Compliance has never been more sophisticated, expensive, or visible. Yet sophistication alone does not guarantee effectiveness. Martinez’s Purpose-Driven Compliance challenges compliance professionals to rethink the foundations of their programs. Enforcement-driven compliance has taken us far, but it cannot take us far enough.

The next evolution of compliance requires organizations to define their own standards of conduct, grounded in purpose, risk, and ethics. That shift is not easy. It requires courage from compliance leaders and commitment from boards and executives. But if compliance is truly about preventing harm and sustaining trust, purpose-driven compliance is not optional. It is essential.

Categories
The PfBCon Podcast

The PfBCon Podcast: Leveraging Podcasting for Building Personal Brands with Brent Carlson and Mike Huneke

Brent Carlson and Mike Huneke from the Red Flags Rising podcast discuss their journey in building personal brands through podcasting.

Brent, a Principal and Chief Solutions Officer at Red Flags Rising Solutions, LLC, and Mike, a Partner at Morgan, Lewis & Bockius, share insights on using podcasting to create authentic connections, expand professional networks, and address timely industry topics. They emphasize the importance of quality, consistency, and having a genuine passion for your subject matter. The discussion also covers practical tips on choosing the right equipment, the benefits of LinkedIn for promotion, and the value of having a unique style that resonates with your audience. The episode underscores the impact of podcasting on establishing professional credibility and on driving business growth.

Key highlights:

  • The Power of Podcasting for Personal Branding
  • Building Connections and Community
  • Starting the Red Flags Rising Podcast
  • Creating Engaging and Practical Content
  • Promoting Your Podcast Effectively
  • Investing in Quality Equipment
  • Using Podcasts for Business Development

Resources:

Follow Brent and Mike on LinkedIn:

Brent Carlson

Mike Huneke

Follow Red Flags Rising on:

Website

Spotify

RSS. Com

YouTube

Compliance Podcast Network

Apple Podcast

Listen Notes

Categories
FCPA Compliance Report

FCPA Compliance Report – FCPA Enforcement Shifts: Volatility and Uncertainty

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode,  host Tom Fox welcomes Anik Shah, Director & Senior Legal Counsel at Sandisk, for an insightful discussion about the pivotal changes and enforcement actions around the FCPA in 2025 and their implications for 2026.

In 2025, Anik Shah, a preeminent authority on FCPA and anti-corruption enforcement, offers a strategic perspective on the evolving compliance landscape. Given the recent uncertainties following an executive order and the dismissal of high-profile cases, Shah underscores the necessity for companies to maintain robust anti-bribery and anti-corruption controls, especially with potential reprioritization by the Department of Justice. He advocates a proactive risk management approach, emphasizing the importance of third-party risk management and comprehensive training to anticipate and mitigate potential FCPA issues. As enforcement focus shifts toward addressing cartel and transnational criminal organization activities, Shah advises companies to integrate anti-money laundering processes into their compliance strategies to align with global anti-corruption efforts.

Key highlights:

  • 2025 FCPA Enforcement Shifts and Uncertainty
  • Voluntary Self-Disclosure Policy Revolution in 2025
  • Cartel Risk Mitigation through Compliance Integration
  • Central Asia Construction Projects: Anti-Corruption Measures
  • Proactive Measures: Fostering Anti-Corruption Compliance Awareness

Resources:

Anik Shah on LinkedIn

Sandisk

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Returning to Venezuela on Amazon.com

Categories
Daily Compliance News

Daily Compliance News: February 9, 2026, The Is Netflix a Monopoly Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Knock off obesity pill pulled from market. (NYT)
  • Former Norwegian Prime Minister under investigation over corruption from Epstein files. (Politico)
  • Jay Clayton promises a bigger get out of jail free card. (Reuters)
  • DOJ to investigate if Netflix is a monopoly. (WSJ)